In recent weeks, you may have noticed a wave of "Privacy Policy updates" coming through your email inbox. What financial advisors, and particularly those of us in the US, may be less aware of is what's driving these updates. The answer is the "General Data Protection Regulation" (GDPR), a new set of laws that govern internet privacy in the EU, which will go into effect this week on May 25, 2018. And while it may seem that privacy regulation in the EU is irrelevant to US advisors - who are not based in the EU - the reality is that if you have any clients in the EU, you market your services to clients in the EU, or you have clients who will be moving to the EU, then you are subject to GDPR as well! And there is some debate that even merely having EU web traffic that you're tracking on your website could trigger GDPR rules for US financial advisors!
In this guest post, Zach McDonald of Mineral Interactive shares his thoughts on how US financial advisors can remain compliant with EU laws as GDPR goes into effect, including understanding the rights of consumers guaranteed under GDPR (e.g., the right to be forgotten, the right to access personal data, the right to grant or deny consent to services, and the right to grant or deny the placement of cookies), the advisors potentially impacted under GDPR (including any advisors who work with or solicit clients in the EU, and potentially even those who may merely have EU web traffic), the steps advisors can take to become GDPR compliant (from getting permission to track cookies, to verifying that vendors are compliant, and more), and the tools advisors commonly use that could also create GDPR issues (such as appointment schedulers, landing pages, and many others)!
Ultimately, though, the key point is to acknowledge that advisors in the US cannot simply ignore GDPR as something that only applies to those in Europe. Many advisors in the US could fall under GDPR, due to something as minor as a single existing client who moves to Europe. And until we see how the EU will enforce the regulations, there is a risk that even just getting EU web traffic (whether the advisor wants it or not!) could trigger GDPR issues. As a result, advisors overlook GDPR compliance at their own risk, as failure to comply with GDPR can lead to substantial EU fines! And given the recent scandals and large-scale breaches of consumer data in the US – such as those at Facebook and Equifax – there's also the possibility that GDPR could simply serve as a bellwether of changes to come here in the US as well! (Which means we may all be subject to GDPR-like rules soon enough!)